GOG
GOG is a ransomware that runs on Microsoft Windows. It is part of the HiddenTear family.

Payload Transmission

GOG is distributed through email spam and malicious attachments, exploits, fake updates, and repackaged and infected installers.

Infection

GOG encrypts files using RSA-4096 cryptography. During encryption, GOG appends the ".L0CKED" extension to the name of each file. For example, "sample.jpg" is renamed to "sample.jpg.L0CKED". Following successful encryption, GOG changes the desktop wallpaper and creates a text file ("DecryptFile.txt"), placing it on the desktop. The file contains a ransom-demand message.

The message states that files are encrypted using asymmetric cryptography and that they can only be restored using a unique private key. RSA-4096 is an asymmetric encryption algorithm and, thus, public (encryption) and private (decryption) keys are generated during the encryption process. The developers store the private key on a remote server and generate revenue by selling it to victims. To submit payment, victims must follow the instructions provided on GOG's website (a link is provided in the ransom-demand message).

The cost of decryption is 0.3 Bitcoin (approximately $305). The message also states that payment must be submitted within a certain time frame (which is not specified), otherwise the price will double. If the ransom is not paid within the time frame, the private key is permanently deleted and decryption becomes impossible.

Text presented within GOG wallpaper and text file:

WARNING!!!

what happened to your files?
All of your files were protected by a strong encryption with RZA4096
More information about the encryption keys using RZA4096 can be found here: en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen?
Specially for your PC was generated personal RZA4096 key, both public and private. All your files were encrypted with a public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and de-crypt program, which is on our secret server.

What do i do?
So, there are two ways you can choose: wait foe a miracle and get your price doubled, or start obtaining BITCOINS NOW!, and restore your data easy way. If you have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

Your personal ID:
Open DecryptFile.txt
For more specific instructions please visit your personal home page, there are a few different addresses pointing to your page below.

Text presented within GOG website:

Your files are encrypted.
You did not pay in time for decryption, that's why the decryption price increases 2 times.
At the moment ,the cost of decrypting your files is 0,3 Bitcoin.
In case of failure to 10.01.2017 your key will be deleted permanently and it will be impossible to decrypt yoour files.

1. You can make a payment with BitCoins,there are many methods to get them.
2. You should register Bitcoin wallet (Simplest Online Wallet)
3. Purchasing Bitcoins - Although it's not yet easy to buy bitcoins,it's getting simpler every day. Here are our recommendations:
   LocalBitcoins.com - Service allows you to search for people in your community willing to sell bitcoins to you directly(WU,Cash,SEPA,PayPal and many others).
   BTC-e.com - BTC dealer , VISA/MasterCard and etc.
   CoinCafe.com - the simplest and fastest way to buy and sell Bitcoins.
   BTCDirect.eu - the best for Europe.
   CEX.io - Visa / MasterCard.
   CoinMama.com - Visa / MasterCard.
   HowToBuyBitcoins.info - discover quickly how to buy and sell bitcoins in your local currency.
4. Send 0,3 Bitcoin to the following Bitcoin address: 135kMQ7eh9P6CfbyddVMfhXSjo4C7tep2T
5. After you have made the payment, fill out the fields below to receive Decryptor and DecryptionKey.
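A read-only scan for the host indicators described in the Infection section (the ".L0CKED" suffix, the "DecryptFile.txt" note and two strings quoted from it). This is an added example, not code from the original page; the function names, verdict labels and the sample directory tree are assumptions constructed here.

```python
import os
import tempfile
from pathlib import Path

LOCKED_EXT = ".L0CKED"          # extension named on this page
NOTE_NAME = "DecryptFile.txt"   # ransom note file named on this page
NOTE_MARKERS = ("RZA4096", "Your personal ID")  # strings from the quoted note


def scan(root):
    """Walk root and report files matching the GOG indicators on this page."""
    report = {"locked": [], "notes": [], "unconfirmed_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            # Windows file names are case-insensitive, so compare casefolded.
            if name.casefold().endswith(LOCKED_EXT.casefold()):
                original = name[: -len(LOCKED_EXT)]  # "sample.jpg.L0CKED" -> "sample.jpg"
                report["locked"].append((str(path), original))
            elif name.casefold() == NOTE_NAME.casefold():
                try:
                    text = path.read_text(errors="replace")
                except OSError:
                    text = ""  # unreadable note: keep it, but as unconfirmed
                key = "notes" if any(m in text for m in NOTE_MARKERS) else "unconfirmed_notes"
                report[key].append(str(path))
    return report


def verdict(report):
    """A confirmed note plus renamed files is the strongest signal."""
    hits = bool(report["locked"]) + bool(report["notes"])
    return ("clean", "suspicious", "likely-gog")[hits]


def build_constructed_sample(root):
    """Constructed test tree: two renamed files, one untouched file, one note."""
    docs = Path(root) / "Documents"
    docs.mkdir()
    for name in ("sample.jpg.L0CKED", "report.docx.l0cked", "notes.txt"):
        (docs / name).write_bytes(b"constructed")
    (Path(root) / NOTE_NAME).write_text("WARNING!!! ... RZA4096 ...")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        print(verdict(scan(tmp)))
```

The recovered original names in `report["locked"]` give responders a list to check against backups; a file named "DecryptFile.txt" that lacks the note strings is reported separately so an unrelated file of the same name does not raise the verdict.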